Exploiting these vulnerabilities could allow an attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database and to add arbitrary headers to a website.